MyBatis使用Druid数据源批量更新失败
已经允许批量更新
filter:
wall:
config:
multi-statement-allow: true #允许一次批量更新操作,会导致SQL注入
Caused by: java.sql.SQLException: sql injection violation, syntax error: syntax error, expect EQ, actual IDENTIFIER pos 372, line 22, column 20, token IDENTIFIER id : update sys_role
set
name = ?,
remark = ?,
create_by = ?,
create_time = ?,
last_update_time = ?,
last_update_by = ?,
where id = ?
update sys_role
set
name = ?,
remark = ?,
create_by = ?,
create_time = ?,
last_update_time = ?,
last_update_by = ?,
where id = ?
解决:在代码中循环
@PostMapping("/update/list")
public HttpResult update( @RequestBody List sysRoles){
try{
for(SysRole sysRole: sysRoles){
sysRole.setLastUpdateTime(new Date());
sysRoleService.update(sysRole);
}
return HttpResult.ok(sysRoles);
}catch (Exception e){
e.printStackTrace();
return HttpResult.error("角色修改失败");
}
}
作者:天又热了
